jandre/formol
1
1
Fork 0
Code Issues 6 Pull Requests Projects Releases 1 Wiki Activity

snapshots #10

Merged
jandre merged 69 commits from snapshots into master 2023-04-24 06:49:52 +00:00
Conversation 0 Commits 69 Files Changed 115 +109 -4
1 changed files with 109 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 6c4d1a749c - Show all commits

113
controllers/backupconfiguration_controller_helpers.go
View File

@ -21,6 +21,7 @@ import (
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
batchv1 "k8s.io/api/batch/v1" batchv1 "k8s.io/api/batch/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
ctrl "sigs.k8s.io/controller-runtime" ctrl "sigs.k8s.io/controller-runtime"
@ -30,6 +31,11 @@ import (
formolv1alpha1 "github.com/desmo999r/formol/api/v1alpha1" formolv1alpha1 "github.com/desmo999r/formol/api/v1alpha1"
) )
const (
FORMOL_SA = "formol-controller"
FORMOL_SIDECAR_ROLE = "formol:sidecar-role"
)
func (r *BackupConfigurationReconciler) DeleteCronJob(backupConf formolv1alpha1.BackupConfiguration) error { func (r *BackupConfigurationReconciler) DeleteCronJob(backupConf formolv1alpha1.BackupConfiguration) error {
cronjob := &batchv1.CronJob{} cronjob := &batchv1.CronJob{}
if err := r.Get(r.Context, client.ObjectKey{ if err := r.Get(r.Context, client.ObjectKey{
@ -236,10 +242,19 @@ func (r *BackupConfigurationReconciler) AddSidecar(backupConf formolv1alpha1.Bac
Name: formolv1alpha1.SIDECARCONTAINER_NAME, Name: formolv1alpha1.SIDECARCONTAINER_NAME,
Image: backupConf.Spec.Image, Image: backupConf.Spec.Image,
Args: []string{"backupsession", "server"}, Args: []string{"backupsession", "server"},
Env: append(env, corev1.EnvVar{ Env: append(env,
Name: formolv1alpha1.TARGET_NAME, corev1.EnvVar{
Value: target.TargetName, Name: formolv1alpha1.TARGET_NAME,
}), Value: target.TargetName,
},
corev1.EnvVar{
Name: formolv1alpha1.POD_NAMESPACE,
ValueFrom: &corev1.EnvVarSource{
FieldRef: &corev1.ObjectFieldSelector{
FieldPath: "metadata.namespace",
},
},
}),
VolumeMounts: []corev1.VolumeMount{}, VolumeMounts: []corev1.VolumeMount{},
} }
switch target.TargetKind { switch target.TargetKind {
@ -253,6 +268,15 @@ func (r *BackupConfigurationReconciler) AddSidecar(backupConf formolv1alpha1.Bac
return err return err
} }
if addTags(&sideCar, &deployment.Spec.Template.Spec, target) { if addTags(&sideCar, &deployment.Spec.Template.Spec, target) {
if err := r.createRBACSidecar(corev1.ServiceAccount{
ObjectMeta: metav1.ObjectMeta{
Namespace: deployment.Namespace,
Name: deployment.Spec.Template.Spec.ServiceAccountName,
},
}); err != nil {
r.Log.Error(err, "unable to create RBAC for the sidecar container")
return err
}
deployment.Spec.Template.Spec.Containers = append(deployment.Spec.Template.Spec.Containers, sideCar) deployment.Spec.Template.Spec.Containers = append(deployment.Spec.Template.Spec.Containers, sideCar)
r.Log.V(1).Info("Updating deployment", "deployment", deployment, "containers", deployment.Spec.Template.Spec.Containers) r.Log.V(1).Info("Updating deployment", "deployment", deployment, "containers", deployment.Spec.Template.Spec.Containers)
if err := r.Update(r.Context, deployment); err != nil { if err := r.Update(r.Context, deployment); err != nil {
@ -266,3 +290,84 @@ func (r *BackupConfigurationReconciler) AddSidecar(backupConf formolv1alpha1.Bac
return nil return nil
} }
func (r *BackupConfigurationReconciler) createRBACSidecar(sa corev1.ServiceAccount) error {
// sa := corev1.ServiceAccount {}
// if err := r.Get(r.Context, client.ObjectKey {
// Namespace: backupConf.Namespace,
// Name: FORMOL_SA,
// }, &sa); err != nil && errors.IsNotFound(err) {
// sa = corev1.ServiceAccount {
// ObjectMeta: metav1.ObjectMeta {
// Namespace: backupConf.Namespace,
// Name: FORMOL_SA,
// },
// }
// r.Log.V(0).Info("Creating formol service account", "sa", sa)
// if err = r.Create(r.Context, &sa); err != nil {
// r.Log.Error(err, "unable to create service account")
// return err
// }
// }
if sa.Name == "" {
sa.Name = "default"
}
role := rbacv1.Role{}
if err := r.Get(r.Context, client.ObjectKey{
Namespace: sa.Namespace,
Name: FORMOL_SIDECAR_ROLE,
}, &role); err != nil && errors.IsNotFound(err) {
role = rbacv1.Role{
ObjectMeta: metav1.ObjectMeta{
Namespace: sa.Namespace,
Name: FORMOL_SIDECAR_ROLE,
},
Rules: []rbacv1.PolicyRule{
rbacv1.PolicyRule{
Verbs: []string{"get", "list", "watch"},
APIGroups: []string{"formol.desmojim.fr"},
Resources: []string{"backupsessions", "backupconfigurations"},
},
rbacv1.PolicyRule{
Verbs: []string{"get", "list", "watch", "create", "update", "patch", "delete"},
APIGroups: []string{"formol.desmojim.fr"},
Resources: []string{"backupsessions/status"},
},
},
}
r.Log.V(0).Info("Creating formol sidecar role", "role", role)
if err = r.Create(r.Context, &role); err != nil {
r.Log.Error(err, "unable to create sidecar role")
return err
}
}
rolebinding := rbacv1.RoleBinding{}
if err := r.Get(r.Context, client.ObjectKey{
Namespace: sa.Namespace,
Name: FORMOL_SIDECAR_ROLE,
}, &rolebinding); err != nil && errors.IsNotFound(err) {
rolebinding = rbacv1.RoleBinding{
ObjectMeta: metav1.ObjectMeta{
Namespace: sa.Namespace,
Name: FORMOL_SIDECAR_ROLE,
},
Subjects: []rbacv1.Subject{
rbacv1.Subject{
Kind: "ServiceAccount",
Name: sa.Name,
},
},
RoleRef: rbacv1.RoleRef{
APIGroup: "rbac.authorization.k8s.io",
Kind: "Role",
Name: FORMOL_SIDECAR_ROLE,
},
}
r.Log.V(0).Info("Creating formol sidecar rolebinding", "rolebinding", rolebinding)
if err = r.Create(r.Context, &rolebinding); err != nil {
r.Log.Error(err, "unable to create sidecar rolebinding")
return err
}
}
return nil
}